我正在尝试创建以下策略,以授予对我的一个任务定义 (ECS) 的 Amazon S3 的完全访问权限。这是我正在使用的地形代码:
data "aws_iam_policy_document" "inline_policy_s3" {
version = "2012-10-17"
statement {
sid = ""
actions = ["sts:AssumeRole", "s3:*"]
effect = "Allow"
resources = ["*"]
principals {
type = "Service"
identifiers = ["ecs-tasks.amazonaws.com"]
}
}
}
resource "aws_iam_role" "task_role" {
name = "ecs_service_task_role"
assume_role_policy = data.aws_iam_policy_document.inline_policy_s3.json
}
问题是我在运行时收到此错误terraform apply
:
╷
│ Error: Error creating IAM Role ecs_service_task_role: MalformedPolicyDocument: Has prohibited field Resource
│ status code: 400, request id: 25afe8f8-cc66-4533-8f66-9a1f2aeb656b
│
│ with module.service.aws_iam_role.task_role,
│ on service/task_role_policy.tf line 16, in resource "aws_iam_role" "task_role":
│ 16: resource "aws_iam_role" "task_role" {
│
╵
我尝试更改策略的某些属性,但找不到问题。知道发生了什么吗?